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SYSTEM AND METHOD FOR PROVIDING A FAULT-RESILIENT BOOT 

Background 

The disclosures herein relate generally to computer systems and more 
particularly to a system and method for providing a fault-resilient boot. 

A computer system may be configured to operate in a kiosk or other remote 
location. When a computer system operates in a remote location, however, the 
ability of the computer system to reliability boot itself becomes a concern. In 
particular, the concern may focus on the reliability of the components of the 
computer system that are most responsible for booting the computer system, such 
as a hard disk drive. To ensure reliability, some computer systems may employ 
redundant components to provide a back-up to the primary components. Other 
computer systems may employ components that are designed with enhanced 
reliability characteristics. Unfortunately, redundant components or components with 
enhanced characteristics may increase the total cost of the computer system. 

It would be desirable to for a remote computer system to include a measure 
of reliability regarding its ability to boot. Therefore, what is needed is a system and 
method for providing a fault-resilient boot. 
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Summary 

One embodiment, accordingly, provides a computer system configured to 
retrieve a preboot image from a first remote location and execute the preboot image. 
5 The preboot image is configured to cause the computer system to detect a status 
indication associated with a previous boot attempt by the computer system, and, in 
response to the status indication indicating a local boot attempt state, to retrieve a 
first boot image from a second remote location and to boot the computer system 
using the first boot image. 

10 

A principal advantage of this embodiment is that it provides a computer 
system with a fault-resilient boot system and method. If the computer system fails 
to boot using a local boot image, the system retrieves a remote boot image and 
boots using the remote boot image. In addition, an administrator of the computer 
is system can be notified of the problem automatically. 

Brief Description of the Drawings 

Fig. 1 is a diagram illustrating an embodiment of a client system coupled to a 

20 server. 

Fig. 2 is a flow chart illustrating an embodiment of a method for providing a 
fault-resilient boot. 

25 Fig. 3 is a state diagram illustrating an embodiment of states of a status 

indication. 
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Detailed Description 

As used herein, the term computer system refers to any type of computing 
device configured to execute software including a thin client system that may not 
include one or more components of a traditional computer system. 

Fig. 1 is a diagram illustrating an embodiment of a client system 120 coupled 
to a server 100. As shown in an expanded view 100a, server 100 includes a 
processor 102, a chipset 104, a plurality of devices 106a and 106b, and a memory 
108. Memory 108 is configured to store preboot image 1 10a and boot image 1 12a. 
As shown in a expanded view 120a, client system 120 includes a processor 122, a 
chipset 124, a plurality of devices 126a and 126b, a memory 128, a network device 
130, and a non-volatile memory 132. Memory 128 is configured to store preboot 
image 110b, boot image 1 1 2b, and boot image 1 34. Client system 1 20 and server 
100 are configured to communicate using any suitable communications mechanism 
such as the Internet, an intranet, a local area network, a wide area network, or a 
wireless network as indicated by an arrow 140. 

Client system 120 incorporates a fault-resilient boot system and method. In 
particular, client system 120 is configured to boot using a remote boot image in 
response to detecting a failure associated with an attempt to boot using a local boot 
image. As used herein, the term boot image refers to software configured to 
initialize a computer system and / or provide an operating environment. A boot 
image may include all or a part of an operating system such as Windows 95, 
Windows 98, Windows NT, or Windows 2000 from Microsoft Corporation. 

The boot order of client system 120 is set to boot first to a preboot 
environment and then to a local hard disk drive. The boot order may be set in a 
system firmware such as a basic input output system or other software configured to 



PATENT 

Docket No.: DC-02750 (16356.583) 

bring client system 120 out of a reset state. In one embodiment, software or other 
services available in the preboot environment may be defined by the Preboot 
Execution Environment (PXE) Specification available from Intel Corporation, 
ftp://download.intel.com/ial/wfm/pxespec.pdf , and incorporated by reference herein. 

5 

In response to being powered up or reset, client system 120 initiates a 
system firmware (not shown) which in turn initiates the preboot environment. In 
response to the preboot environment being initiated, network device 130 causes a 
predefined preboot image to be found on a remote computer system and 
10 downloaded onto client system 120. In the embodiment of Fig. 1 , network device 
130 causes preboot image 1 10a to be retrieved from server 100 and copied into 
memory 128 as indicated by preboot image 1 10b being shown in memory 128. 

Client system 120 executes preboot image 1 10b. Preboot image 1 10b 
15 includes instructions that are configured to cause client system 1 20 to determine 
whether to boot using local boot image 134 or remote boot image 112. Preboot 
image 1 10b includes instructions that cause this determination to be made using a 
status indication stored in non-volatile memory 132. Preboot image 110b also 
includes instructions that cause a state of the status indication to be changed in 
20 response to a previous state of the status indication as will be described in detail 
below. 

In one embodiment, the status indication in non-volatile memory 132 
indicates one of three possible states: an unknown state, a local boot attempt state, 
25 and a local boot successful state. The unknown state is the initial state. The local 
boot attempt state indicates that client system 120 attempted to boot using local 
boot image 134 on a previous boot attempt. The local boot successful state 
indicates that client system 120 successfully booted using local boot image 134 on a 
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previous boot attempt. In other embodiments, other similar states or names of 
states may be used. 

Preboot image 1 10b causes the state indicated by the status indication to be 
s detected. In response to the state being an unknown state or a local boot 
successful state, preboot image 1 10b assumes that client system 120 booted 
successfully using local boot image 134 on a previous boot attempt. Accordingly, 
preboot image 1 10b causes the state of the status indication to be set to the local 
boot attempt state and causes control of client system 120 to be returned to the 

io system firmware. The system firmware causes client system 120 to attempt to boot 
using local boot image 134. If client system 120 boots successfully using local boot 
image 134, then instructions in local boot image 134 cause the state of the status 
indication to be changed to the local boot successful state. If client system 120 does 
not boot successfully using local boot image 134, then local boot image 134 does 

is not causes the state of the status indication to be changed, i.e. the state remains in 
the local boot attempt state. The next time client system 120 boots, preboot image 
1 10b will either detect the local boot successful state indicating that client system 
120 booted successfully using the local boot image on a previous boot attempt or 
the local boot attempt state indicating that client system 120 did not boot 

20 successfully using the local boot image on a previous boot attempt. 

In response to the state of the status indication being the local boot attempt 
state, preboot image 1 10b assumes that client system 1 20 did not boot successfully 
using local boot image 134 on a previous boot attempt. Accordingly, preboot image 
25 1 10b causes boot image 1 12a to be located and downloaded onto client system 
120. In the embodiment of Fig. 1, remote boot image 1 12a is retrieved from server 
100 and copied into memory 128 as indicated by remote boot image 1 12b being 
shown in memory 128. Instead of causing control of client system 120 to be 
returned to the system firmware, preboot image 1 10b causes client system 120 to 

5 
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boot using remote boot image 1 12b. Preboot image 1 10b also causes an 
administrator to be notified that client system 120 failed to boot using local boot 
image 134 on a previous boot attempt. Preboot image 1 10b may notify the 
administrator in any suitable way such as by creating a log entry, sending an email, 
5 sending a message to a central computer system, or illuminating a visual indicator. 

In the embodiment of Fig. 1, preboot image 1 10a and remote boot image 
1 12a are stored on server 100. In other embodiments, preboot image 1 10a and 
remote boot image 1 12a may be stored in other storage locations accessible to 
10 client system 120. For example, preboot image 1 10a and remote boot image 1 12a 
may be stored on different servers or in the same or different disk array systems. In 
addition, client system 120 may access another server or other device to determine 
the location of preboot image 1 10a and remote boot image 1 12a. 

is Other variations may be made to the embodiment of Fig. 1 . For example, the 

status indication may be stored in a storage location on client system 120 other non- 
volatile memory 132 or may be stored externally from client system 120. Also, client 
system 120 may be a thin client system that does not include one or more 
components of a traditional computer system or may include other components not 

20 shown in Fig. 1 . In addition, preboot image 110 may be stored on a portable 

storage device such as a floppy disk or a CD-ROM before being copied onto server 
100. 

Fig. 2 is a flow chart illustrating an embodiment of a method for providing a 
25 fault-resilient boot. In the embodiment of Fig. 2, a preboot image is located and 
downloaded to a computer system as indicated in step 204. The preboot image is 
executed on the computer system as indicated in step 206. A boot status is 
detected as indicated in step 208. A determination is made as to whether the boot 
status is "unknown" or "local boot successful" as indicated in step 210. 
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If the boot status is "unknown" or "local boot successful", then the boot status 
is set to "local boot attempt" as indicated in step 212. The computer system is 
booted using a local boot image located on the computer system as indicated in 
5 step 214. The boot status is set to "local boot successful" as indicated in step 216. 
It is noted that if the computer system fails to boot as described in step 214, then 
the boot status is not set to "local boot successful" as described in step 216. 

If the boot status is not "unknown" or "local boot successful", then a remote 
10 boot image is located and downloaded as indicated in step 218. The computer 
system is booted using the remote boot image as indicated in step 220. An 
administrator is notified that the computer system booted using the remote boot 
image as indicated in step 222. 

is Fig. 3 is a state diagram illustrating an embodiment of states of a status 

indication. As described above, the status indication may be stored in a non-volatile 
memory such as non-volatile memory 132 in Fig. 1. The status indication begins in 
an unknown state 300. In response to a computer system attempting to boot using 
a local boot image, the status indication is transitioned to a local boot attempt state 

20 304 as indicated by an arrow 302. If the computer system successfully boots using 
the local boot image, then the status indication is transitioned to a local boot 
successful state 308 as indicated by an arrow 306. If the computer system does not 
successfully boot using the local boot image, then the status indication remains in 
local boot attempt state 304. From local boot successful state 308, the status 

25 indication is transitioned back to local boot attempt state 304 in response to the 
computer system attempting to boot using a local boot image. 

Although the embodiment of Fig. 3 describes unknown state 300, local boot 
attempt state 304, and local boot successful state 308, other embodiments may use 



7 



PATENT 

Docket No.: DC-02750 (16356.583) 

other names to describe these states. For example, unknown state 300 may be 
referred to as "initial" or "reset" state. Likewise, local boot attempt state 304 and 
local boot successful state 308 may be referred to by other names such as 
"previous local boot failed" and "previous local boot successful", respectively. 

As can be seen, the principal advantages of these embodiments are that they 
provide a computer system with a fault-resilient boot system and method. If the 
computer system fails to boot using a local boot image, the system retrieves a 
remote boot image and boots using the remote boot image. In addition, an 
administrator of the computer system can be notified of the problem automatically. 
The computer system may be configured to provide this ability with little or no 
additional cost to the consumer. 

Although illustrative embodiments have been shown and described, a wide 
range of modification, change and substitution is contemplated in the foregoing 
disclosure and in some instances, some features of the embodiments may be 
employed without a corresponding use of other features. Accordingly, it is 
appropriate that the appended claims be construed broadly and in a manner 
consistent with the scope of the embodiments disclosed herein. 
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